Privacy Policy — Plugil Inc.

Introduction- Who are we

Welcome to Plu, a product of Plugil Inc, a Delaware-incorporated technology company, developers of Plu — the global custodial and on-chain card spending platform.

Plugil Inc. (“Plugil,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Plu mobile application (“Plu” or the “App”), our website, and related services (collectively, the “Services”).

By accessing or using Plu, you acknowledge that you have read, understood, and agreed to be bound by this Privacy Policy.

Information We Collect- Personal Information You Provide

We may collect the following categories of personal information when you register or interact with our Services:

  • Identity information: full name, date of birth, nationality
  • Contact information: email address, phone number
  • Verification information: ID documents (passport, driver’s license), selfies
  • Financial information: wallet addresses, stablecoin balances, card usage details
  • Support data: messages, inquiries, complaint logs

Automatically Collected Information

When you use Plu, we may collect:

  • Device information (model, OS version, unique identifiers)
  • IP address and geolocation data
  • Usage data (features used, interaction timestamps)
  • Transaction metadata (not private keys or seed phrases)
  • Error logs and performance metrics

Blockchain Information (Public On-Chain Data)

When you use stablecoin wallets or on-chain features:

  • Public blockchain data such as wallet addresses and transaction hashes may be visible on-chain
  • Stablecoin interactions (USDT, USDC, etc.)
  • Plu does NOT store private keys, seed phrases, or user custody keys.

How We Use Your Information

Plugil uses your information to:

  • Provide and maintain the Plu App and card services
  • Enable on-chain transactions, stablecoin spending, and wallet functionality
  • Verify your identity and comply with KYC/AML regulations
  • Prevent fraud and unauthorized activity
  • Improve product performance and user experience
  • Send service updates, notifications, and security alerts
  • Conduct analytics to understand usage trends

We do not sell your personal data.

Legal Basis for Processing (For GDPR Applicability)

If you reside in the EU/EEA, we process your data under these legal bases:

  • Contract performance
  • Legitimate interest
  • Legal compliance
  • Consent, where expressly provided

How We Share Information

We may share information with:

  • Financial partners (card issuers, payment processors, blockchain infrastructure providers)
  • Identity verification vendors
  • Compliance partners for AML/KYC checks
  • Cloud hosting providers
  • Regulatory authorities, when required by law

We will never sell your data to advertisers.

Your Data Rights

Depending on your jurisdiction, you may:

  • Access your personal data
  • Correct inaccurate information
  • Delete your data (subject to legal retention requirements)
  • Withdraw consent
  • Request portability

Data Security

Plugil applies industry-standard security measures, including:

  • Encryption in transit and at rest
  • Secure multi-region cloud architecture
  • No storage of private keys
  • Restricted employee access controls
  • Multi-region failover systems

However, no method of transmission is 100% secure.

Data Retention

We retain information:

  • As long as your account is active
  • As required for legal, regulatory, and compliance purposes
  • For fraud prevention and dispute resolution

International Transfers

Your information may be processed in:
The United States
Other countries where Plugil operates or partners with providers
Countries hosting our compliant cloud infrastructure

Plugil uses Standard Contractual Clauses and similar safeguards for international transfers where required.

Data Retention Policy- Data We Delete

Upon account deletion, we remove:

  • Profile data
  • Contacts
  • Device data
  • Usage logs
  • App preferences
  • Cached app information

Deletion occurs within 30 days unless legally required otherwise.

Data We Retain

Due to financial and regulatory obligations, certain information must be stored for 5–7 years, including:

  • KYC data
  • AML and compliance data
  • Transaction and audit logs
  • Fraud prevention records

Data Stored on Public Blockchains

Blockchain data (wallet addresses, transactions) cannot be deleted due to immutable ledger design.

Account Deletion Instructions (Required by Google Play and App Store)

Plugil Inc. provides transparent options for deleting your Plu account and requesting deletion of associated data.

How to Delete Your Account in the App

  • Open the Plu App
  • Navigate to Settings
  • Select Account
  • Tap Delete Account
  • Confirm the deletion request

Your account will be permanently deleted within 30 days.

How to Request Data Deletion

If you want your personal data removed:

  • Email: support@getplu.com
  • In-App: Settings → Help & Support → Request Data Deletion

Your request will be processed within 10–30 days depending on compliance verification.

Your Rights

Depending on your region, you may have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Request transfer of your data
  • Withdraw consent
  • Restrict or object to processing

Types of Data Deleted

When a user deletes their account:

Deleted Immediately or Within 30 Days:
  • Profile information (name, email, phone number)
  • Device information
  • Contact information
  • Transaction activity logs stored in our servers
  • Support messages
  • Preferences & metadata
Deleted Automatically via App Interface (Client-Side):
  • Cached app data
  • Device storage data

Types of Data That May Be Retained

Due to legal, regulatory, and financial compliance obligations, Plugil may retain certain data for required periods:

Retained for 5–7 years (Compliance Requirements):
  • KYC/identity verification data
  • AML/transaction compliance records
  • Fraud prevention logs
  • Audit logs
  • Tax or financial reporting data
Retained Permanently (Public Blockchain Data):
  • Public blockchain records (wallet addresses, transaction hashes)

These records cannot be altered or deleted because blockchain systems are immutable. Plugil never stores private keys.

Why Certain Data Cannot Be Deleted

Some data must remain accessible for:
Regulatory compliance (KYC/AML/CTF)
Financial recordkeeping
Fraud and dispute resolution
Preventing unauthorized account recreation

We delete everything we legally can, and retain only what is required by law.

Additional Notes

  • Data retained for compliance is isolated and stored securely.
  • Once the required retention period ends, data is permanently deleted.
  • Plugil does not sell user data.
  • All retained data is protected using industry-standard security measures.

Children’s Privacy

Plu is not intended for individuals under 18. We do not knowingly collect data from minors.

Changes to This Policy

Plugil may update this Privacy Policy at any time. Changes become effective upon posting.

Contact Us

Plugil Inc.

Email: support@getplu.com

Website: www.getplu.com